Quantum cryptography involves exchanging messages between a sender (“Alice”) and a receiver (“Bob”) by encoding a plain text message with a key that has been shared between the two using weak (e.g., 0.1 photon on average) optical signals (pulses) transmitted over a “quantum channel.” Such a system is referred to as a quantum key distribution (QKD) system. The security of QKD systems is based on the quantum mechanical principle that any measurement of a quantum system will modify its state. As a consequence, an eavesdropper (“Eve”) that attempts to intercept or otherwise measure the quantum signal will introduce errors into the transmitted signals, thereby revealing her presence. Because only the key is transmitted in a QKD system, any information about the key obtained by an eavesdropper is useless if no message based on the key is sent between Alice and Bob.
The general principles of quantum cryptography were first set forth by Bennett and Brassard in their article “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the International Conference on Computers, Systems and Signal Processing, Bangalore, India, 1984, pp. 175–179 (IEEE, New York, 1984). A “one-way” QKD system is described in U.S. Pat. No. 5,307,410 to Bennet (the '410 patent). A two-way (i.e., folded) QKD system is described in U.S. Pat. No. 6,438,234 to Gisin.
A crucial aspect of creating a commercially viable QKD system is ensuring that the optical pulses sent over the quantum channel have a known intensity. The average number of photons in a given pulse needs to be set to a known quantity, and needs to be less than one. To achieve such low-intensity pulses, a light source (e.g., a laser) is used to emit relatively. high-intensity pulses, and an optical attenuator is used to attenuate the pulses down to the single-photon level.
While people generally understand that optical pulses need to be attenuated in QKD, the practical aspects of performing the needed attenuation tend to remain unappreciated and overlooked. In the quantum cryptography literature, when an attenuator is included as part of a QKD system, its operation is not described in any significant detail. This is because it is generally assumed that prior art attenuation methods, such as those used in optical telecommunications, can be directly applied to QKD systems to achieve optical pulse calibration.
Such assumptions may be true for experimental or prototype. QKD systems, where the precise intensity of the pulses is not a major concern and the instrumentation is in a very well controlled environment. However, for a commercially viable QKD system, it is crucial that the optical pulses have well-controlled intensities in order to create a select number of photons per pulse on average (e.g., 0.1 photons per pulse.) over a long period of time, and under a wider set of environmental factors. If the pulses are too strong, they will no longer be at the single-photon level and the security of the QKD is compromised. On the other hand, if the pulses are too weak, then, many pulses will go undetected, which reduces the key transmission rate.
A laboratory QKD system can be tuned to each individual test setup. A commercially viable QKD system will have sources of loss that arise from a number of internal and external factors, such as quantum channel inherent loss, environmental effects, fiber splices, fiber type and length, etc., that are different for each installation. This makes the process of providing pulses with a well-defined, small intensity quite daunting—to the point where the prior art methods for attenuating optical signals used in other optical technologies are not applicable to a high-performance, commercially viable QKD system.
In addition, the self-discovery aspect of setting up a commercial QKD system is simplified by the ability to provide both strong and weak optical pulses. The use of stronger optical pulses for self-calibration and set-up of a QKD system is currently neglected in the prior art.